← CABF Ballot Browser
Ballot-152 cancelled

Ballot 152 – SHA-1 Deprecation

Server Certificate Working Group

AI Summary

Generated 2026-06-23 21:44 UTC

Ballot overview

  • Ballot 152, titled SHA-1 Deprecation, is shown on the CA/Browser Forum page.
  • The page states that this ballot was withdrawn.

What the ballot proposed

  • The ballot aimed to maintain consistency between the S/MIME Baseline Requirements and the TLS Baseline Requirements with changes introduced by Ballots SC096 and SC097.
  • It proposed a carve-out of logging requirements for DNSSEC, stating those requirements are not in scope.
  • It proposed that change management logging be able to confirm whether the appropriate controls are in effect.
  • It proposed sunsetting all remaining use of SHA-1 signatures in Certificates and CRLs.
  • It noted that most uses of SHA-1 signatures were already deprecated by SC097.
  • It proposed that all unexpired Subordinate CA Certificates issuing S/MIME containing the SHA-1 signature algorithm must be revoked.
  • It stated that the proposal did not prohibit use of SHA-1 to generate issuerKeyHash or issuerNameHash values as required by RFC 5019.
  • It included minor formatting corrections.
Model: gpt-5.4-mini Confidence: 0.99 Result: withdrawn

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Excerpt

SearchHome » All CA/Browser Forum Posts » Ballot 152 – SHA-1 DeprecationBallot 152 – SHA-1 DeprecationThis ballot was withdrawn.

View on cabforum.org → Last fetched 16 hours ago

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action